Archive

Archive for March, 2008

iAntivirus Protects Your Mac

PC Tools will soon release iAntivirus security software for Mac users. The product displays a Mac-like simplicity and elegance, yet with powerful features that catches and removes known malwares in real-time.
Internet Downloads

A good example here is Trojan DNSChanger. This threat has been in the internet for more than four months now and it’s continually eluding security analyst by changing its domain names, IP addresses and ways in delivering this trojan to mac users.

iAntivirus on-guard catches this threat in real time.


Files Through Messengers

Let say someone you know or close to you sent you a file through messenger. Without your knowledge, the file is a Backdoor server component which the sender wishes you to install so that the client component which is on the attacker side could perform unauthorized task to your machine. Here’s the impressive real time catch of iAntivirus.


Files In Your USB Flash Drive

In our daily computing activities, USB flash or portable drives plays important role in storing, exchanging and transferring files. You often get out of control when too much files are stored and worst if one day you are dragging malicious files to your local hard drive.

Running Process

Perhaps, a keylogger running in background.


Get a free copy of this program from http://www.iantivirus.com.

Should Safari Join The Rat Race?

Few weeks ago, PayPal published a frequently asked question guide about “Safer Web Browsers“. The news maker part is this:

Which browser have anti-phishing features?
– Microsoft Internet Explorer 7 or later
– Mozilla Firefox 2 or later
– Opera 9.1 or later

Yes, this is true Safari 3.1 is not capable of detecting phishing site and this is where PayPal is most worried about – because they are always targeted by phishers.

Notice the two screenshots above, obviously Safari does not recognize anything while Firefox displays an alert message.

Base from last year report, Anti-Phishing Working Group receives an average of 25,000 new phishing sites per month and 91.7% of this attacks are related to Financial Services.

This is the reason why we will be seeing more security features integrating to web browsers just like Internet Explorer 8 Beta 1 – which was released last week. There are two significant security features in this version:

Safety Filter – It prevents known malicious sites from loading. However, this feature does not work in my testing. Perhaps, they are still working on it.


Domain Name Highlighting – As shown in the example below, the real domain name is not citibank.com instead it is 8martofftoday.org. Absolutely, a phishing site! This feature is also available in Mozilla plug-in “LocationbarĀ²“.


Mozilla Firefox 3 Beta 1 was previously announced and this version provides more security features including “Malware Protection”, “Anti-virus Integration” and “One-click site info”. Check the full release notes here.

The continuous proliferation of threats in the internet has escalated user’s security awareness. And this, factors into users’ expectation that softwares and application should provide security features. Beating up threats is just like a rat race and whether this is users’ problem or not, the trend is now pressuring Safari to blend in.

Cookies A Threat To Your Privacy

Do you wonder what is cookie all about and how it threatens your privacy ? Let’s take a deeper look.

A cookie is a text string of information that is sent by a website to your web browser and stores it to your hard disk so that the website will remember who you are.


Figure 1.0 shows how web browser request the web page to the server and how cookie is carried in the communication.

Cookie by itself is just a piece of information and not a program code. It is not capable of harming user’s computer, and they cannot act as a virus or worms. Cookies are created and used to allow server to store and retrieve state information. However, this small text file is rich in information, which may include your IP address, user name, email address, password, preferred language, shopping cart items and any strings that can be linked to your identity.

==========
Privacy Issue
==========
There’s a privacy issue if the cookie is stored in users’ computer without his/her knowledge or consent and this also includes affiliates or third-party cookies.
Figure 2.0 shows how a third-party ad server tracks users’ browsing habits and preferences to deliver a personalize advertisements.

This privacy issue has been addressed through legislation by different countries such as Europe and US. Their position is to allow cookies provided that there is a privacy policy informing users that the website is serving cookies, how it is being served, how it is being used and how people can refuse or accept it.

Here’s a good example of privacy policy statement:

http://www.bbc.co.uk/privacy/
http://www.doleta.gov/privacy.cfm

Also, this privacy issue has been discussed in RFC2965 – HTTP State Management Mechanism.

6. PRIVACY

Informed consent should guide the design of systems that use cookies. A user should be able to find out how a web site plans to use information in a cookies and should be able to choose whether or not those policies are acceptable. Both the user agent and the origin server mus assist informed consent.

So, what does it mean ? This means, websites that serves cookies without informed consent violates users’ privacy.

==============
Security & Privacy
==============

CLEAR TEXT

The cookie header and content are readable or in clear text format. Any sensitive or identifiable information is vulnerable and exposed to threats whether it is a malware, packet sniffers, cookie hijackers or another user of that pc.

Check your cookies and see how much personal information are stored.


Here’s how to check it :

Safari Users
– Go to Preferences and click Show Cookies.

Mozilla Firefox Users
– Go to Tools, Option and Show Cookies.

IE Users
– Go to Tools, Internet Options, General tab
– In Browsing History click Settings, View Files.

PERSISTENT

Persistent cookies does not expire soon enough even after the user ended the session. Thus, the website can build information or profile your browsing activity and preferences over time.


COOKIE POISONING

Cookie poisoning simply means performing unauthorized modification of the values stored inside the cookie. This can be easily done using tools and information available from the internet. Most websites stores persistent, non-secure cookies while some are secured but still there are web site that employs poor encryption that could be easily decoded.

A good example is performing tampering attack to a shopping cart to change the total shopping value to a huge discount.


THREATS

Worms – Mass-mailing worms such as NetSky and Lohack is capable to search and harvest email address to all .TXT files and this includes users’ cookies.

Trojan – Banking related trojans are usually capable of stealing users’ cookies.

Backdoor – There are backdoor that steals cookies associated to ebay, paypal and banks.

Exploit – This is usually employed using cross site scripting exploit, where a malicious user injects a code to a legitimate vulnerable website. So, all visitors of that website will get redirected where a malicious cookie stealer script awaits.

A malicious user could use the stolen cookies to impersonate or steal user’s identity online.

Phishers – URL links that are spammed through emails, blogs, messengers and forums may also link to a malicious cookie stealer sites.

=======
Summary
=======

Cookie is just a small piece of information but if it contains your identity, it is something that you should care about. Stealing information usually happens in background, it means without your knowledge. Cookies are harmless by itself, but the threats that surrounds it are out there in-the-wild. Malicious and exploited sites are everywhere and your cookies is always at risk.

For safety, everytime you input information online whether you are checking your email, doing net banking or shopping, you should always check your cookies and delete them together with your browsing history. There are available tools online that can help you perform this task as well.

Get informed and stay safe!